Wi-Fi Networks Can Brick Pre-iOS 9.3.1 Devices With New Version Of 1970 Bug

It’s always extremely prudent and worthwhile to ensure that all of your Apple devices, whether that be an iPhone, iPad, Mac, or even an Apple TV, are furnished with the latest available software update that supports that particular device. This not only means that you continuously have access to the latest features and functionally introduced on a software level, but that the device is also continually protected with the latest security and encryption improvements. A new report is hitting that point home harder than ever by shining light on the potential for devices running outdated firmware including – iOS 9.3 – to fall victim to “automated threats capable of rendering them unresponsiveness and perhaps forever useless” all through a Wi-Fi connection.

It feels as though Apple has been in a run of patching and eradicating bugs recently with a number of point iOS releases as well as the occasional server-side fix where appropriate. One of the latest to require an update to iOS was the bug that had the power to brick and render an iOS device entirely useless if the date on the phone or tablet was set back to January 1, 1970. As mentioned, Apple had applied defensive code around this in iOS 9.3 and above to prevent it from occurring. The bug would have initially only affected those who have explicitly chosen to manually make that change while running an iOS version below 9.3, but now researchers have proved that the whole process could actually be automated by harvesting the reach of malicious Wi-Fi networks and will affect all iPhones and iPads running iOS 9.3 and lower.

wifi-bug-ios

Rather than having to go into the device settings and manually change the date on the device, a research has shown that would-be attackers could utilize publicly available wireless networks to automate the attack on all pre iOS 9.3.1 devices. The predicted results were achieved by relying on the fact that iOS devices are programmed to automatically connect to wireless networks that they have been previously connected to without going through a particularly rigid authentication process.

How exactly?

To use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automatically connects.

This lack of any real authentication allows attackers to create a network with the name of one that is widely available in public hotspots, such as the “attwifi” example above. If broadcasted in a public arena, the likelihood is that some devices would have previously seen this network and would connect to it without fuss. The attackers can then “inspect, modify, or redirect any network traffic” for any connected devices.

What the attacker would do, is spoof the network time protocol (NTP) servers that mobile devices use to sync their time with, so setting a phone’s date to January 1, 1970 shouldn’t be an issue. While bricking a device seems pointless, here’s another explanation for the motive to spoof NPT servers:

Most applications on an iPad are configured to use security certificates that encrypt data transmitted to and from the user’s device. Those encryption certificates stop working correctly if the system time and date on the user’s mobile is set to a year that predates the certificate’s issuance.

If this is something that scares or concerns you, then the only way of ensuring you are 100% safe from this attack is to update your devices to the latest iOS 9.3.1 firmware. Prior to making it public, the research team notified Apple about the issue and as such iOS 9.3.1 includes a fix for it.

(Source: Krebs on Security, PacketSled [YouTube])

You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.